I don't think anything in imfile has changed for a while (not since the early
7.x days) so it should all match the documentation, as I say, sending logs with
newlines in them between machines requires tcp with octet framing (and will
still confuse a lot of log parsers, it's very common for each line to be treated
as a separate log entry). If you can change your logs to not be multi-line it
would be a significant improvement. paying off in the long run, even if you have
to tweak your log parsers
David Lang
On Fri, 9 May 2014, Muhammad Asif wrote:
Thanx for such a prompt reply, May GOD bless you with a beautiful Neighbour
:p
I have update rsyslog to version 8.2.1, now what options do we have?
On Fri, May 9, 2014 at 11:50 AM, David Lang <[email protected]> wrote:
look at http://www.rsyslog.com/doc/imfile.html, specifically the readmode
option and see if it can fit your need
the key question is how do you tell when a log entry has finished if it's
multiple lines?
also, I believe that with the current version, you need to use tcp octect
mode to sent the logs between machines, otherwise the newline will cause
the logs to be split again (I keep thinking I should work up a patch to
have the newline be escaped when combining lines, but I haven't gotten
around to it)
David Lang
On Fri, 9 May 2014, Muhammad Asif wrote:
Hi!
Thanx for prompt reply.
Now logs are being read from file and sent to remote server but there is
one issue. If a log consist of five lines, it sent as five separate logs.
In this way we r facing problem in parsing. How can i send whole log, no
matter how many lines it consist of, as a one log.
On Thu, May 8, 2014 at 10:26 PM, David Lang <[email protected]> wrote:
On Thu, 8 May 2014, Muhammad Asif wrote:
Hi!
Dear Rsyslog team,
Please help me regarding this issue. I am using rsyslog 5.8 which i can
not
update right now
I want to send apache2 and a web application name redmine logs to remote
rsyslog server. I am using the following approaches.
Add in rsyslog
apache2.* /var/log/syslog
apache2 is not a defined facility (see en.wikipedia.org/wiki/Syslog for
a
discuasion of facilities and severities)
what you can do is filter based on application name
:$programname, isequal, 'apache2' /var/log/syslog
for example
*.* @ remote server: 514 but no to avail.
Path for Apache2 logs : /var/log/apache2/access.log
Path for Redmine logs : /var/log/redmine/default/production.log
If you are needing to read from these files to get them into rsyslog (as
opposed to configuring apache and redmine to deliver their logs to
rsyslog
directly) then you need to look at imfile
www.rsyslog.com/doc/imfile.html
with 5.x you will be restricted to the legacy configuration described in
the bottom half of the page.
David Lang
How can i do that in best way.
Thanx in Advance.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
